ContentLion Alpha 1.3 - 'login.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/52112/info ContentLion Alpha is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

Oxwall 1.1.1 - 'plugin' Cross-Site Scripting

source: https://www.securityfocus.com/bid/52125/info Oxwall is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

Xavi 7968 ADSL Router - Multiple Cross-Site Request Forgery Vulnerabilities

Xavi 7968 ADSL Router - Multiple Cross-Site Request Forgery Vulnerabilities source: https://www.securityfocus.com/bid/52098/info Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities. The attacker can exploit the issues to execute...

Xavi 7968 ADSL Router - webconfigwanconfirm.htmlconfirm?pvcName Cross-Site Scripting

Xavi 7968 ADSL Router - webconfigwanconfirm.htmlconfirm?pvcName Cross-Site Scripting source: https://www.securityfocus.com/bid/52098/info Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities. The attacker can exploit the issues to...

Vulnerability in DotNetNuke Could Allow Arbitrary Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting DotNetNuke 6.0.0 through version 6.0.2. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, DotNetNuke. DotNetNuk...

Xavi 7968 ADSL Router - '/webconfig/wan/confirm.html/confirm?pvcName' Cross-Site Scripting

source: https://www.securityfocus.com/bid/52098/info Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities. The attacker can exploit the issues to execute arbitrary script code in the context of the vulnerable site, potentially...

Dolphin 7.0.x - explanation.php?explain Cross-Site Scripting

Dolphin 7.0.x - explanation.php?explain Cross-Site Scripting source: https://www.securityfocus.com/bid/52088/info Dolphin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...

Dolphin 7.0.x - viewFriends.php Multiple Cross-Site Scripting Vulnerabilities

Dolphin 7.0.x - viewFriends.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/52088/info Dolphin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

Vulnerability in DotNetNuke Could Allow Arbitrary Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting DotNetNuke 6.0.2 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, DotNetNuke. DotNetNuke...

F*EX 20100208/20111129-2 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/52085/info FEX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-base...

ButorWiki 3.0 - service Cross-Site Scripting

ButorWiki 3.0 - service Cross-Site Scripting source: https://www.securityfocus.com/bid/52059/info ButorWiki is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the brows...

JaWiki - versionNo Cross-Site Scripting

JaWiki - versionNo Cross-Site Scripting source: https://www.securityfocus.com/bid/52060/info JaWiki is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Tube Ace - q Cross-Site Scripting

Tube Ace - q Cross-Site Scripting source: https://www.securityfocus.com/bid/52046/info Tube Ace is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

11in1 Cross Site Request Forgery and Local File Include Vulnerabilities

11in1 is prone to a cross-site request-forgery and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run...

cforms II vulnerable to cross-site scripting

Overview cforms II contains a cross-site scripting vulnerability. cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Kousuke Ebihara and Yuya Watanabe of Tejimaya.inc reported this vulnerability to IPA. JPCERT/CC coordinated wi...

11in1 CMS 1.2.1 - Cross-Site Request Forgery (Admin Password)

11in1 CMS 1.2.1 - Cross-Site Request Forgery Admin Password source: https://www.securityfocus.com/bid/52025/info 11in1 is prone to a cross-site request-forgery and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an...

11in1 CMS 1.2.1 - '/admin/index.php?class' Traversal Local File Inclusion

source: https://www.securityfocus.com/bid/52025/info 11in1 is prone to a cross-site request-forgery and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal...

11in1 CMS 1.2.1 - index.php?class Traversal Local File Inclusion

11in1 CMS 1.2.1 - index.php?class Traversal Local File Inclusion source: https://www.securityfocus.com/bid/52025/info 11in1 is prone to a cross-site request-forgery and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the 1 period parameter to showHistoryData.do; 2 selectedNetwork, 3 network, or 4 group parameters to showresource.do; 5 header...

Microsoft SharePoint 'inplview.aspx' Cross Site Scripting Vulnerability

Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...